#!/bin/bash

set -eux

### --start_docs
## Prepare network for deploying the overcloud
## ==================================================

## Prepare Your Environment
## ------------------------

## * Source in the undercloud credentials.
## ::

source {{ working_dir }}/stackrc

{% if overcloud_nodes is defined and overcloud_nodes and not overcloud_ipv6|bool %}
FENCING_RULE="-m udp -p udp -m multiport --dports {% for node in overcloud_nodes %}{{ node.virtualbmc_port }}{% if not loop.last %},{% endif %}{% endfor %} -m state --state NEW"
COMMENT="fencing_access_from_overcloud"
if ! sudo iptables -nvL INPUT | grep "$COMMENT"; then
    sudo iptables -I INPUT 1 $FENCING_RULE -m comment --comment "$COMMENT" -j ACCEPT
    sudo sh -c 'iptables-save > /etc/sysconfig/iptables'
fi
{% endif %}

{% if network_isolation|bool and not overcloud_ipv6|bool and (release in ['newton','ocata','pike','queens'] or not containerized_undercloud|bool) %}
## Setup Networking
## ----------------

## * Enable Masquerading for undercloud network.
##   This is only useful before Rocky cycle.
## ::

sudo iptables -w -t nat -D POSTROUTING -j BOOTSTACK_MASQ_OVB || true
sudo iptables -w -t nat -X BOOTSTACK_MASQ_OVB || true
sudo iptables -w -t nat -N BOOTSTACK_MASQ_OVB
sudo iptables -w -t nat -A BOOTSTACK_MASQ_OVB -s {{ undercloud_network_cidr }} -d {{ undercloud_network_cidr }} -j RETURN
sudo iptables -w -t nat -A BOOTSTACK_MASQ_OVB -s {{ undercloud_network_cidr }} -j MASQUERADE
sudo iptables -w -t nat -I POSTROUTING -j BOOTSTACK_MASQ_OVB
sudo iptables -w -t nat -F BOOTSTACK_MASQ || true
sudo iptables -w -t nat -D POSTROUTING -j BOOTSTACK_MASQ || true
sudo iptables -w -t nat -X BOOTSTACK_MASQ || true
sudo iptables -w -t nat -E BOOTSTACK_MASQ_OVB BOOTSTACK_MASQ

## * Enable NAT for "external" network.
## ::

RULE="-s {{undercloud_external_network_cidr}} ! -d {{undercloud_external_network_cidr}} -j MASQUERADE"
if ! sudo iptables -t nat -C BOOTSTACK_MASQ $RULE; then
    sudo iptables -t nat -A BOOTSTACK_MASQ $RULE
fi

sudo sh -c 'iptables-save > /etc/sysconfig/iptables'
{% endif %}

{% if network_isolation|bool and network_isolation_type in ['single-nic-vlans', 'single_nic_vlans', 'bond-with-vlans', 'bond_with_vlans', 'multiple-nics-vlans'] %}

{% if network_isolation_type in ['single_nic_vlans', 'bond_with_vlans'] %}
# NOTE: 'bond_with_vlans' and 'single_nic_vlans' are deprecated
echo "Network isolation types 'bond_with_vlans' and 'single_nic_vlans' are deprecated"
echo "Please use 'single-nic-vlans' and 'bond-with-vlans'"
{% endif %}
{% for name, network in (undercloud_networks|default({})).items() if name == 'external' %}

{% if not overcloud_ipv6|bool and network.device_type is defined and network.device_type == 'ovs' %}
sudo bash -c 'cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-vlan{{ network.tag }}
ONBOOT=yes
BOOTPROTO=static
IPADDR={{ network.address }}
NETMASK={{ network.netmask }}
{% if network_isolation_type == 'multiple-nics-vlans' %}
DEVICE={{ external_interface }}.{{ network.tag }}
VLAN=yes
{% else %}
DEVICE=vlan{{ network.tag }}
DEVICETYPE={{ network.device_type }}
TYPE={{ network.type }}
OVS_BRIDGE={{ network.ovs_bridge }}
OVS_OPTIONS={{ network.ovs_options }}
{% endif %}
EOF'

sudo ifup ifcfg-vlan{{ network.tag }}

{% elif network.device_type is defined and network.device_type == 'ethernet' %}

sudo bash -c 'cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-{{ network.device_name }}
DEVICE={{ network.device_name }}
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=static
IPADDR={{ network.address }}
NETMASK={{ network.netmask }}
EOF'

{% if overcloud_ipv6|bool %}

sudo bash -c 'cat <<EOF >> /etc/sysconfig/network-scripts/ifcfg-{{ network.device_name }}
IPV6ADDR={{ network.address6 }}
IPV6INIT=yes
EOF'

{%endif%}

sudo ifup ifcfg-{{ network.device_name }}

{%endif%}


{% endfor %}

{% endif %}

### --stop_docs
